Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
I have heard of spammers or other anti-e-social types using such scripts to forward spam or unpleasant messages.
Has anyone seen a "Tell A Friend" script & mailer that has reasonable protections against such mayhem? If so, where?
It prevents spamming since the outgoing email has the senders name and address on it, so it better be going to only friends.
That information comes from the database as part of their profile so they are not apt to spam.
I think I'd definitely limit the fields to "email" and "sender's name".
Another thing I would do is limit the number of times a person could refer a link to someone to prevent malicious/annoying email. I'd also make sure there was no way the mailer worked unless the referer was from the page you have the "send to a friend" link on.
If you want the person sending the link to be able to enter their name, how about just limiting the "sender" field to 15 characters or so? If you want to prevent links from being sent, I'd use a string checker to check and make sure there's no "http://" or "www".
Its late though, so someone will surely come along and point out all the flaws while I'm asleep :)